Merge pull request #930 from joaoinacio/EZP-23156_userlogin_empty_pas…

…sword Fix EZP-23156: do not throw InvalidArgument exception on empty password
ezsystems · Oct 20, 2014 · a472370 · a472370
2 parents f2f0b3f + 08b93b7
commit a472370
Show file tree

Hide file tree

Showing 5 changed files with 51 additions and 1 deletion.
diff --git a/eZ/Publish/API/Repository/Tests/UserServiceTest.php b/eZ/Publish/API/Repository/Tests/UserServiceTest.php
@@ -1160,6 +1160,29 @@ public function testLoadUserByCredentialsThrowsNotFoundExceptionForUnknownPasswo
         /* END: Use Case */
     }
 
+    /**
+     * Test for the loadUserByCredentials() method.
+     *
+     * @return void
+     * @see \eZ\Publish\API\Repository\UserService::loadUserByCredentials()
+     * @expectedException \eZ\Publish\API\Repository\Exceptions\NotFoundException
+     * @depends eZ\Publish\API\Repository\Tests\UserServiceTest::testLoadUserByCredentials
+     */
+    public function testLoadUserByCredentialsThrowsNotFoundExceptionForUnknownPasswordEmtpy()
+    {
+        $repository = $this->getRepository();
+
+        $userService = $repository->getUserService();
+
+        /* BEGIN: Use Case */
+        $this->createUserVersion1();
+
+        // This call will fail with a "NotFoundException", because the given
+        // login/password combination does not exist.
+        $userService->loadUserByCredentials( 'user', '' );
+        /* END: Use Case */
+    }
+
     /**
      * Test for the loadUserByCredentials() method.
      *
@@ -1183,6 +1206,29 @@ public function testLoadUserByCredentialsThrowsNotFoundExceptionForUnknownLogin(
         /* END: Use Case */
     }
 
+    /**
+     * Test for the loadUserByCredentials() method.
+     *
+     * @return void
+     * @see \eZ\Publish\API\Repository\UserService::loadUserByCredentials()
+     * @expectedException \eZ\Publish\Core\Base\Exceptions\InvalidArgumentValue
+     * @depends eZ\Publish\API\Repository\Tests\UserServiceTest::testLoadUserByCredentials
+     */
+    public function testLoadUserByCredentialsThrowsInvalidArgumentValueForEmptyLogin()
+    {
+        $repository = $this->getRepository();
+
+        $userService = $repository->getUserService();
+
+        /* BEGIN: Use Case */
+        $this->createUserVersion1();
+
+        // This call will fail with a "InvalidArgumentValue", because the given
+        // login is empty.
+        $userService->loadUserByCredentials( '', 'secret' );
+        /* END: Use Case */
+    }
+
     /**
      * Test for the loadUserByLogin() method.
      *

diff --git a/eZ/Publish/API/Repository/UserService.php b/eZ/Publish/API/Repository/UserService.php
@@ -156,6 +156,7 @@ public function loadAnonymousUser();
      *
      * @return \eZ\Publish\API\Repository\Values\User\User
      *
+     * @throws \eZ\Publish\API\Repository\Exceptions\InvalidArgumentValue if credentials are invalid
      * @throws \eZ\Publish\API\Repository\Exceptions\NotFoundException if a user with the given credentials was not found
      */
     public function loadUserByCredentials( $login, $password );

diff --git a/eZ/Publish/Core/REST/Client/UserService.php b/eZ/Publish/Core/REST/Client/UserService.php
@@ -235,6 +235,7 @@ public function loadAnonymousUser()
      *
      * @return \eZ\Publish\API\Repository\Values\User\User
      *
+     * @throws \eZ\Publish\API\Repository\Exceptions\InvalidArgumentValue if credentials are invalid
      * @throws \eZ\Publish\API\Repository\Exceptions\NotFoundException if a user with the given credentials was not found
      */
     public function loadUserByCredentials( $login, $password )

diff --git a/eZ/Publish/Core/Repository/UserService.php b/eZ/Publish/Core/Repository/UserService.php
@@ -576,14 +576,15 @@ public function loadAnonymousUser()
      *
      * @return \eZ\Publish\API\Repository\Values\User\User
      *
+     * @throws \eZ\Publish\API\Repository\Exceptions\InvalidArgumentValue if credentials are invalid
      * @throws \eZ\Publish\API\Repository\Exceptions\NotFoundException if a user with the given credentials was not found
      */
     public function loadUserByCredentials( $login, $password )
     {
         if ( !is_string( $login ) || empty( $login ) )
             throw new InvalidArgumentValue( "login", $login );
 
-        if ( !is_string( $password ) || empty( $password ) )
+        if ( !is_string( $password ) )
             throw new InvalidArgumentValue( "password", $password );
 
         // Randomize login time to protect against timing attacks

diff --git a/eZ/Publish/Core/SignalSlot/UserService.php b/eZ/Publish/Core/SignalSlot/UserService.php
@@ -256,6 +256,7 @@ public function loadAnonymousUser()
      *
      * @return \eZ\Publish\API\Repository\Values\User\User
      *
+     * @throws \eZ\Publish\API\Repository\Exceptions\InvalidArgumentValue if credentials are invalid
      * @throws \eZ\Publish\API\Repository\Exceptions\NotFoundException if a user with the given credentials was not found
      */
     public function loadUserByCredentials( $login, $password )